Trust Center
ComplaintLab for regulated complaint operations, with the diligence materials buyers expect.
Review security, data handling, and compliance evidence for procurement, compliance, and technical reviewers evaluating Complaint Analyst.
Runtime-backed proof
Current data-handling posture.
These rows track the canonical product baseline and only publish claims the runtime can prove today.
Request-only details
- High-sensitivity provider posture details stay inside diligence materials until the runtime mode is live and parity-checked.
- Validated retention overlay details stay request-only until active overlays are live and parity-checked.
Documentation
Detailed evidence for each area of your vendor evaluation.
Security & Data Protection
Encryption, access controls, PII masking, EU-hosted infrastructure, and incident response.
Read more →DISP Compliance
How Complaint Analyst enforces every FCA DISP rule, from 5-day acknowledgment to 8-week deadlines.
Read more →AI Safety & Bias Auditing
PII masking pipeline, prompt versioning, human approval workflows, and bias detection.
Read more →Regulatory Alignment
Current compliance posture across FCA DISP, PSD2, GDPR, EBA Guidelines, and ADR Directive.
Read more →Data Residency & Hosting
Where complaint data lives, how backups and disaster recovery work, sub-processors, and cross-border transfer constraints.
Read more →Accessibility Statement
Target standards, keyboard and screen reader support, known limitations, and how to report an accessibility barrier.
Read more →Data Protection & GDPR
Controller and processor split, data subject rights, PII masking before AI calls, retention vs erasure, transfer posture, and breach response.
Read more →Incident Response & Breach Notification
Detection, triage, containment, customer and regulator notification timelines (GDPR 72-hour, FCA DISP, PSD2), and post-incident review.
Read more →Audit Reports & Certifications
SOC 2 progress, penetration test summary (sanitised), security certifications, and current assurance posture.
Read more →Regulatory coverage
Regulatory Support Matrix.
Complaint Analyst is built around the FCA DISP framework and extends to six EU markets. Each jurisdiction entry reflects where the platform has complaint-handling workflow support today.
Final response deadlines, FRL outputs, and board-ready monthly reporting.
Jurisdiction-aware complaint handling and readiness scoring.
Cross-market complaint operations with regulator-specific coverage.
Knowledge Base and readiness support for Dutch complaint workflows.
Irish financial-services routing and reporting support, with broader Ireland scope anchored to the public market-readiness guide.
Spanish complaint workflow support in the same evidence model.
At a glance
Current public data-handling snapshot.
FAQ
Questions we expect during procurement and security review.
Where is my data stored?
Complaint data is stored in the EU with encrypted backups and tenancy-aware access controls.
Does AI see personal data?
Complaint text is masked before remote AI calls. Especially sensitive complaints are screened locally and can require governed review before remote processing.
How are exports and regulator packs controlled?
Disclosure exports run against the same versioned data-handling policy used elsewhere in the product. When a stricter posture is configured, governed approval is required before retry and stale approvals cannot be replayed after the ticket, export scope, or policy version changes.
What retention period do you describe publicly?
The public baseline remains the canonical FCA-aligned 7-year retention story. Validated per-vertical overlays stay out of the public Trust Center until they are active and parity-checked.
What certifications or compliance signals are available today?
The Trust Center covers GDPR-aligned handling, FCA DISP test coverage, encryption controls, audit logging, and current diligence materials. SOC 2 remains in progress and is not presented as achieved.
Do you support SSO?
Enterprise SSO is on the roadmap. Today the product supports JWT-based auth with optional TOTP 2FA.
What is your incident response posture?
Operational follow-up is handled through the same audit-oriented workflow the product uses for complaint operations, with clear ownership and escalation paths during customer review.
What happens on contract termination?
Data export and secure deletion are handled as part of the offboarding process, with identifying data removed where appropriate and regulated-record retention obligations still honored.
Can we request questionnaire responses or diligence materials?
Yes. Use the Trust Center request flow and we will route the request to the right follow-up.
How often are compliance checks run?
The automated FCA compliance checks run in CI on every release path rather than being deferred to manual review.
Diligence follow-up
Need the packet or a concrete answer for your review?
Use the Trust Center request flow and we'll route the follow-up without dropping you into a generic sales form.
- Trust packet and security contact stay separate from demo follow-up.
- Request type stays encoded in the URL so reloads do not lose context.
- We aim to respond to diligence requests within one business day.